2498 matches found

NVD
added 2026/04/07 3:17 p.m. | 4 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

CVSS 6.8 | EPSS 0.00191
Exploits: 0 | References: 2

NVD
added 2026/04/07 3:17 p.m. | 1 view

CVE-2026-5374

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

CVSS 5.8 | EPSS 0.00208
Exploits: 0 | References: 2

NVD
added 2026/04/07 3:17 p.m. | 5 views

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

CVSS 9.8 | EPSS 0.00497
Exploits: 1 | References: 1

CVE
added 2026/04/07 2:24 p.m. | 12 views

CVE-2026-35458

Gotenberg CVE-2026-35458 affects the Chromium module of Gotenberg (forms/chromium/screenshot/url) where user-supplied scope patterns are compiled with dlclark/regexp2 without a timeout, enabling ReDoS/backtracking that can hang workers and impact availability. Affected code paths and versions are...

CVSS 9.8 | AI score 5.9 | EPSS 0.00497
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/07 2:24 p.m. | 16 views

CVE-2026-35458 Gotenberg has a ReDoS via extraHttpHeaders scope feature

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

CVSS 8.7 | EPSS 0.00497
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/07 2:24 p.m. | 3 views

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

CVSS 8.7 | AI score 5.9 | EPSS 0.00497
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/07 2:12 p.m. | 15 views

CVE-2026-5384 runZero Platform incorrect credential scope

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

CVSS 5.8 | EPSS 0.00208
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/07 2:12 p.m. | 1 view

CVE-2026-5384 runZero Platform incorrect credential scope

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

CVSS 5.8 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 2

CVE
added 2026/04/07 2:12 p.m. | 6 views

CVE-2026-5384

The CVE-2026-5384 issue affects the runZero Platform, where a credential could be updated and subsequently used for a task outside the authorized organization scope. This is categorized as CWE-863: Incorrect Authorization. The vulnerability is tied to credential handling that allows scope to be b...

CVSS 5.8 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/07 2:12 p.m. | 1 view

CVE-2026-5383 runZero Explorer missing authorization check

An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 4.4 Medium. This issue was fixed in...

CVSS 4.4 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2

CVE
added 2026/04/07 2:12 p.m. | 4 views

CVE-2026-5383

Summary: CVE-2026-5383 affects runZero Explorer, described as an incorrect authorization (CWE-863) that could allow access to Explorer groups from outside the authorized organization scope. It is scored CVSSv3.1: AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L (4.4, Medium) and has been fixed in runZero Expl...

CVSS 4.4 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/07 2:12 p.m. | 17 views

CVE-2026-5382 runZero Platform MCP endpoint information leak

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

CVSS 3 | EPSS 0.00174
Exploits: 0 | References: 2

CVE
added 2026/04/07 2:12 p.m. | 10 views

CVE-2026-5381

CVE-2026-5381 concerns the runZero Platform where task information could be exposed outside the authorized organization scope due to an incorrect authorization (CWE-863). The issue carries a CVSS v3.1 base score of 2.2 (LOW), with vector AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N. The vulnerability is m...

CVSS 2.2 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/07 2:11 p.m. | 16 views

CVE-2026-5378 runZero Platform user creation leak

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

CVSS 5.8 | EPSS 0.00191
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/07 2:11 p.m. | 0 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

CVSS 5.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/07 2:11 p.m. | 4 views

CVE-2026-5378 runZero Platform user creation leak

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

CVSS 5.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 2

CVE
added 2026/04/07 2:11 p.m. | 8 views

CVE-2026-5378

CVE-2026-5378 affects the runZero Platform. Affected component: user management functionality in the runZero Platform. The description indicates an Incorrect Authorization flaw that allowed administrators to create and update users outside of their authorized organization scope. Root cause ...

CVSS 6.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/04/07 2:10 p.m. | 2 views

CVE-2026-5374

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

CVSS 5.8 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/07 12:0 a.m. | 2 views

PT-2026-30879

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

CVSS 5.8 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/07 12:0 a.m. | 8 views

PT-2026-30873

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

CVSS 5.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 3